169bdfe408
If the register allocator assigns kJavaScriptCallArgCountRegister
to {object}, we were clobbering the object, before pushing it to
the stack.
Additionally, we use PushReverse instead of Push to indicate
that kDataViewPrototypeGetByteLength has a JS call convention
(arguments are reversed). This is a no-op for x64, but it guarantees
the correct order of the padding in arm64.
Fixed: chromium:1406456
Bug: v8:7700, v8:13645
Change-Id: Ia9126ff5315ab4ab08ae733f138a1e0cb2d021a2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4156053
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85227}
18 lines
486 B
JavaScript
18 lines
486 B
JavaScript
// Copyright 2022 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
//
|
|
// Flags: --allow-natives-syntax --maglev --harmony-rab-gsab
|
|
|
|
function foo() {
|
|
const buffer = new SharedArrayBuffer(1395, {
|
|
"maxByteLength": 2110270,
|
|
});
|
|
const data = new DataView(buffer);
|
|
data.setInt16();
|
|
}
|
|
%PrepareFunctionForOptimization(foo);
|
|
foo();
|
|
%OptimizeMaglevOnNextCall(foo);
|
|
foo();
|